package org.flowable.ui.common.security;

import org.fh.util.Jurisdiction;
import org.flowable.idm.api.User;
import org.flowable.ui.common.model.RemoteUser;
import org.springframework.security.core.GrantedAuthority;
import org.springframework.security.core.context.SecurityContext;
import org.springframework.security.core.context.SecurityContextHolder;
import java.util.ArrayList;
import java.util.List;

/**
 * 说明：重构流程编辑器获取用户信息
 * 作者：cd
 * 
 */
public class SecurityUtils {

	private static User assumeUser;

	private SecurityUtils() {
	}

	/**
	 * Get the login of the current user.
	 */
	public static String getCurrentUserId() {
		User user = getCurrentUserObject();
		if (user != null) {
			return user.getId();
		}
		return null;
	}

	/**
	 * @return the {@link User} object associated with the current logged in user.
	 */
	public static User getCurrentUserObject() {
		if (assumeUser != null) {
			return assumeUser;
		}

		RemoteUser user = new RemoteUser();
		user.setId(Jurisdiction.getUsername());
		user.setDisplayName(Jurisdiction.getName());
		user.setFirstName(Jurisdiction.getName());
		user.setLastName(Jurisdiction.getName());
		user.setEmail("admin@flowable.com");
		user.setPassword("123456");
		List<String> pris = new ArrayList<>();
		pris.add(DefaultPrivileges.ACCESS_MODELER);
		pris.add(DefaultPrivileges.ACCESS_IDM);
		pris.add(DefaultPrivileges.ACCESS_ADMIN);
		pris.add(DefaultPrivileges.ACCESS_TASK);
		pris.add(DefaultPrivileges.ACCESS_REST_API);
		user.setPrivileges(pris);
		return user;
	}

	public static FlowableAppUser getCurrentFlowableAppUser() {
		FlowableAppUser user = null;
		SecurityContext securityContext = SecurityContextHolder.getContext();
		if (securityContext != null && securityContext.getAuthentication() != null) {
			Object principal = securityContext.getAuthentication().getPrincipal();
			if (principal instanceof FlowableAppUser) {
				user = (FlowableAppUser) principal;
			}
		}
		return user;
	}

	public static boolean currentUserHasCapability(String capability) {
		FlowableAppUser user = getCurrentFlowableAppUser();
		for (GrantedAuthority grantedAuthority : user.getAuthorities()) {
			if (capability.equals(grantedAuthority.getAuthority())) {
				return true;
			}
		}
		return false;
	}

	public static void assumeUser(User user) {
		assumeUser = user;
	}

	public static void clearAssumeUser() {
		assumeUser = null;
	}
}
